I have a Flask app that's running inside a Docker container, and I can run it using the following command.
docker run -e DB_HOST=<...> -e DB_PORT=<...> -e DB_NAME=<...> -e DB_USER=<...> -e DB_PASSWORD=<...> -p 8080:8080 <tag name>
Before the database was on AWS, now the database is running on a MAC laptop. So how can the Flask app from the docker container to connect to the hosts Postgres' database? What should be my DB_HOST?
For security reasons a Postgres server make it hard to connect to it. By default you can connect to the server from localhost and 127.0.0.1.
This does not work from within Docker since localhost refers to the running docker container not your laptop.
You have to connect from Docker to the IP address of your laptop.
You can find your laptop's IP on a Mac in System Preference > Network
Or you can use ifconfig | grep inet.
You need to modify 2 Postgres config file:
postgresql.conf and pg_hba.conf
For file: /usr/local/var/postgres/postgresql.conf
add this line to listen to everything:
listen_addresses = '*' # what IP address(es) to listen on;
Or add your specific laptop IP.
For file /usr/local/var/postgres/pg_hba.conf add a line like this with your IP:
host all all 192.168.1.3/32 md5
Restart the Postgres server when you are done.
Related
I need help in connecting PostgreSQL which is installed in Docker inside HyperV ubuntu 18.4 from Windows 10 PgAdmin. So far I tried the following
Step 1: Install Postgres in Docker (Ubuntu running on Hyper-V)
sudo docker run -p 5432:5432 --name pg_test -e POSTGRES_PASSWORD=admin -d postgres
Step 2: Create a database
docker exec -it pg_test bash
psql -U postgres
create database mytestdb
Step 3: Get the ip address
sudo docker inspect pg_test | grep IPAddress
//returned with 172.17.0.2
Step 4: pg_hba.conf
host all all 0.0.0.0/0 md5
Step 5: When I try to connect from Windows PgAdmin 4, I get this below error -
Note: I have also tried using UBUNTU VM IP address, but no luck
Your's is a case where you are trying to connect to postgres from another subnet, i.e windows subnet to hyper visor subnet if you are not using bridged protocol.
So case 1:
If this is on NAT\HOST and not on bridge then you need to make sure you are able to ping the ubuntu server from windows server.
next is make sure that port is open from ubuntu's end. How do you check that, do a telnet on the port number from windows cmd prompt.
telnet 192.168.0.10 5432
if you are bridged and you can ping ping the server as well, checked that port is opened which is telnet works. You need to make sure that in the postgres.conf file
"listen address" is to "*". which is all.
Again from OS level in ubuntu run the command systemctl stop firewalld to stop firewall and then try to connect. IF this works then you need to open the port in the firewall using this command:
firewall-cmd --permanent --add-port 5432/tcp
I can see from you docker image that 5432 is already opened. This is more of port mapping and firewalld stuff.
You may want to check that pg_hba.conf is not restricted to local. It should not be the case for docker image but you never know.
See: https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html
Also, there is a typo: POSTGRES_PASSWOR=admin is missing D, it should be POSTGRES_PASSWORD=admin.
You don't need container IP. Since you have mapped container port to host machine (Ubuntu) anyone outsider just needs the Ubuntu machine IP, and on Ubuntu itself you can use localhost.
I am having trouble setting up an ssh tunnel on my mac machine. I have no problems setting up the tunnel on my ubuntu box. This is the command I run
ssh -nNT -L 172.18.0.1:4000:production-database-url:3306 jump-point
When I run this on my mac, I get the following error:
bind [172.18.0.1]:4000: Can't assign requested address
channel_setup_fwd_listener_tcpip: cannot listen to port: 4000 Could
not request local forwarding.
If I run without the bind_address (172.18.0.1), I am able to connect to the database via the tunnel.
If I bind to all interfaces (0.0.0.0), then tunnel is open, however, the connection to the database from inside the docker container does not work.
172.18.0.1 is the IP of docker's default bridge network gateway, not your host's IP.
You can run this command to check that.
$ docker network inspect bridge
Docker for Mac has limitations
There is no docker0 bridge on macOS (it's in the docker VM host on Mac and on Windows)
You cannot ping containers (without shaving a bunch of yaks)
Per-container IP addressing is not possible
Also note that this means the docker run option --net-host is not supported on Mac, but maybe that's a good thing
There is a workaround
These magic addresses resolve to the host's IP from within a container
docker.for.mac.localhost (deprecated)
docker.for.mac.host.internal (deprecated)
host.docker.internal
This resolves to the gateway of the host mac
gateway.docker.internal
Use the name host.docker.internal from within the container just like you would use localhost on the mac directly.
Don't worry about the bind address for the tunnel:
ssh -nNT -L 4000:production-database-url:3306 jump-point
You didn't mention which database but I take it from the port 3306 that it is MySQL.
To connect using the mysql cli from within a container, via an ssh tunnel on your host, to a remote mysql database server you can run:
mysql --host host.docker.internal [... other options go here]
I am reading the docs here and I find myself a bit confused, since running
docker run --name some-mysql -p 3306:3306 -d mysql
or
docker run --name some-mysql -p 127.0.0.1:3306:3306 -d mysql
then mysql --host localhost --port 3306 -u root gives me the following error :
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2).
But running mysql -u root -p --host 0.0.0.0 works.
Does someone have an explanation ?
With docker port forwarding, there are two network namespaces you need to keep track of. The first is inside your container. If you listen on localhost inside the container, nothing outside the container can connect to your application. That includes blocking port forwarding from the docker host and container-to-container networking. So unless your container is talking to itself, you always listen on 0.0.0.0 with the application you are running inside the container.
The second network namespace is on your docker host. When you forward a port with docker run -p 127.0.0.1:1234:5678 ... that configures a listener on the docker host interface 127.0.0.1 port 1234, and forwards it to the container namespace port 5678 (that container must be listening on 0.0.0.0). If you leave off the ip, docker will publish the port on all interfaces on the host.
So when you configure mysql to listen on 127.0.0.1, there's no way to reach it from outside of the container's networking namespace. If you need to prevent others outside of your docker host from reaching the port, configure that restriction when publishing the port on the docker run cli.
As described in the mysql documentation (https://dev.mysql.com/doc/refman/5.7/en/connecting.html), when you connect to 127.0.0.1 with the client, it'll try to use the unix sockets to perform this operation. Normally this would work fine since it's on the same host. In Docker the socket file is not available.
I have a docker image and when I run it I need to pass the host machine IP address as an environment variable. So I need something like this:
docker run --rm -it -e HOST_IP=<?????> -p 8000:8000 image
I am using Docker on OS X. Basically this image is running a service that I want to connect to my local PostgreSQL server. The service reads the server host IP from an environment variable.
How do I get the IP of the host machine for docker to use?
If I use local machine address 192.168.99.1 (from ifconfig), psycopg2 complains:
psycopg2.OperationalError: FATAL: no pg_hba.conf entry for host "192.168.99.100", user "postgres", database "database", SSL off
The address 192.168.99.100 mentioned in the error is the IP of my docker-machine.
How can I get the correct IP?
I'm not sure you could visit the host IP inside the docker container. Because I believe they are inside different network.
Instead of visit pgSQL on host, you should run pgSQL in another docker container, then use docker-compose.yml to connect the two docker containers, so they could link to each other, and visit each other by IP.
More details on: https://docs.docker.com/compose/compose-file/
We are trying to use docker to run nginx but for some reason I'm unable to access the nginx web server running inside the docker container.
We have booted a Docker Container using the following Dockerfile: https://github.com/dwyl/learn-docker/blob/53cca71042482ca70e03033c66d969b475c61ac2/Dockerfile
(Its a basic hello world using nginx running on port 8888)
To run the container we used:
docker run -it ubuntu bash
we determined the Container's IP address using the docker inspect command:
docker inspect --format '{{ .NetworkSettings.IPAddress }}' a9404c168b21
which is: 172.17.0.11
when I try to visit the container's IP address and the nginx port in a browser http://172.17.0.11:8888/ we get ERR_CONNECTION_TIMED_OUT
or using curl:
curl 172.17.0.11:8888
curl: (7) Failed to connect to 172.17.0.11 port 8888: Connection refused
To attempt to solve this we googled extensively but suspect we might be asking the "wrong" questions...
You shouldn't be trying to hit the IP address of the container, you should be using the IP address of the host machine.
What you are missing is the mapping of the port of the host machine to the port of the container running the nginx server.
Assuming that you want to use port 8888 on the host machine, you need a parameter such as this to map the ports:
docker run ... -p 8888:8888 ...
Then you should be able to access you server at http://<HOST_MACHINE_IP>:8888
EDIT: There is another gotcha if you are running on a Mac. To use Docker on a Mac it's common to use boot2docker but boot2docker adds in another layer. You need determine the IP address of the boot2docker container and use that instead of localhost to access nginx.
$ boot2docker ip
The VM's Host only interface IP address is: <X.X.X.X>
$ wget http://<X.X.X.X>:8888
...
Connecting to <X.X.X.X>:8888... connected.
HTTP request sent, awaiting response... 200 OK
Reference: https://viget.com/extend/how-to-use-docker-on-os-x-the-missing-guide
EDIT: ... or with docker-machine the equivalent command would be docker-machine ip <machine-name> where <machine-name> is likely to be "default".
You may need to check if your container is running:
docker ps ( you should have an active container)
If no container is active:
docker run -p 80:80 -it /bin/bash
you will then be on your image terminal
start nginx - sudo service nginx start
ctrl p + ctrl q to quit docker without exiting the container
if you are on mac and using boot2docker you cannot use localhost to check your running nginx
so use boot2docker ip
browse using the boot2docker ip